A security token service (STS) is the service component that
builds, signs, and issues security tokens. It can issue Kerberos,
RSA, X.509, SAML 1.1, and SAML 2 tokens, or it can issue custom
tokens. You can use a cloud STS such as a LiveID STS or a pre-built
STS such as Active Directory® Federation Services (AD FS) 2.0. If
you want to issue custom tokens or provide custom authentication
or authorization, you can build your own custom STS using WIF. AD
FS 2.0 is itself built on WIF. WIF makes it easy to build your own
STS, and it provides extensibility points for implementing your
own authentication logic based on your business requirements.

This section contains topics that discuss building a Security
Token Service (STS).